A Service Catalog administrator defines, manages, and distributes compliant IT services. The administrator requires permissions to manage the Service Catalog console, products, portfolios, constraints, and end-user access. An administrator can be an Alibaba Cloud account, a RAM user, or a RAM role. This topic uses a RAM user as an example.
Prerequisites
A RAM user is created. For more information, see Create a RAM user.
Procedure
Console
-
Log on to the RAM console.
-
On the Users page, find the target user and click Add Permissions in the Operation column.
-
In the Grant Permission panel, grant permissions to the RAM user.
-
For Resource Scope, select Account.
-
For Policy, search for and select AliyunServiceCatalogAdminFullAccess. This is a system policy. If you need to grant other custom policies, you must first create a custom permission policy and then select the policy.
NoteAliyunServiceCatalogAdminFullAccess grants full administrative permissions for Service Catalog, including access to all features available to end users and other administrators.
-
-
Click OK.
API
Grant a custom policy
-
Call the CreatePolicy operation to create a custom policy. For more information, see Basic elements of a permission policy and Overview of the permission policy example library.
-
Call the AttachPolicyToUser operation to attach the permission policy to the specified RAM user. Set the
PolicyTypeparameter toCustom.
Grant a system policy
Call the AttachPolicyToUser operation to attach the permission policy to the specified RAM user. Set the PolicyType parameter to System and the PolicyName parameter to AliyunServiceCatalogAdminFullAccess.